CVE-2023-5368 (GCVE-0-2023-5368)
Vulnerability from cvelistv5 – Published: 2023-10-04 03:38 – Updated: 2024-08-02 07:59
VLAI
Title
msdosfs data disclosure
Summary
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.
This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
Severity
6.5 (Medium)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
3 references
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:43.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231124-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"msdosfs"
],
"product": "FreeBSD",
"vendor": "FreeBSD",
"versions": [
{
"lessThan": "p4",
"status": "affected",
"version": "13.2-RELEASE",
"versionType": "release"
},
{
"lessThan": "p6",
"status": "affected",
"version": "12.4-RELEASE",
"versionType": "release"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Maxim Suhanov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn an msdosfs filesystem, the \u0027truncate\u0027 or \u0027ftruncate\u0027 system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.\u003c/p\u003e\u003cp\u003eThis may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).\u003c/p\u003e"
}
],
"value": "On an msdosfs filesystem, the \u0027truncate\u0027 or \u0027ftruncate\u0027 system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.\n\nThis may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T20:59:57.519Z",
"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"shortName": "freebsd"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0004/"
},
{
"url": "https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "msdosfs data disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
"assignerShortName": "freebsd",
"cveId": "CVE-2023-5368",
"datePublished": "2023-10-04T03:38:09.357Z",
"dateReserved": "2023-10-03T21:14:20.733Z",
"dateUpdated": "2024-08-02T07:59:43.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-5368",
"date": "2026-06-06",
"epss": "0.00126",
"percentile": "0.31416"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.4\", \"matchCriteriaId\": \"A7F6C8B0-9D75-476C-ADBA-754416FBC186\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.2\", \"matchCriteriaId\": \"BA49E374-9F1A-4F62-B88D-CD36EDEA6060\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"24920B4D-96C0-401F-B679-BEB086760EAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.4:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CE32730-A9F5-4E8D-BDA4-6B8232F84787\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.4:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"552E81DE-D409-475F-8ED0-E10A0BE43D29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.4:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"251CAE22-C3E6-45AD-8301-F36BEE5C6860\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.4:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"85D94BCA-FA32-4C10-95CD-5D2A69B38A7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:12.4:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C950F97-40B4-43BF-BB81-C49CE00A468B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A87EFA20-DD6B-41C5-98FD-A29F67D2E732\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2888B0C1-4D85-42EC-9696-03FAD0A9C28F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3306F11-D3C0-41D6-BB5E-2ABDC3927715\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E584FE1-3A34-492B-B10F-508DA7CBA768\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"On an msdosfs filesystem, the \u0027truncate\u0027 or \u0027ftruncate\u0027 system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.\\n\\nThis may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).\\n\\n\"}, {\"lang\": \"es\", \"value\": \"En un sistema de archivos msdosfs, las llamadas al sistema \u0027truncate\u0027 o \u0027ftruncate\u0027 bajo ciertas circunstancias llenan el espacio adicional en el archivo con datos no asignados del dispositivo de disco subyacente, en lugar de cero bytes. Esto puede permitir que un usuario con acceso de escritura a archivos en un sistema de archivos msdosfs lea datos no deseados (por ejemplo, de un archivo previamente eliminado).\"}]",
"id": "CVE-2023-5368",
"lastModified": "2024-11-21T08:41:37.510",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
"published": "2023-10-04T04:15:14.143",
"references": "[{\"url\": \"https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc\", \"source\": \"secteam@freebsd.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231124-0004/\", \"source\": \"secteam@freebsd.org\"}, {\"url\": \"https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231124-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secteam@freebsd.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secteam@freebsd.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1188\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1188\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-5368\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2023-10-04T04:15:14.143\",\"lastModified\":\"2024-11-21T08:41:37.510\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On an msdosfs filesystem, the \u0027truncate\u0027 or \u0027ftruncate\u0027 system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.\\n\\nThis may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).\\n\\n\"},{\"lang\":\"es\",\"value\":\"En un sistema de archivos msdosfs, las llamadas al sistema \u0027truncate\u0027 o \u0027ftruncate\u0027 bajo ciertas circunstancias llenan el espacio adicional en el archivo con datos no asignados del dispositivo de disco subyacente, en lugar de cero bytes. Esto puede permitir que un usuario con acceso de escritura a archivos en un sistema de archivos msdosfs lea datos no deseados (por ejemplo, de un archivo previamente eliminado).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secteam@freebsd.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1188\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1188\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.4\",\"matchCriteriaId\":\"A7F6C8B0-9D75-476C-ADBA-754416FBC186\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.2\",\"matchCriteriaId\":\"BA49E374-9F1A-4F62-B88D-CD36EDEA6060\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"24920B4D-96C0-401F-B679-BEB086760EAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.4:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CE32730-A9F5-4E8D-BDA4-6B8232F84787\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.4:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"552E81DE-D409-475F-8ED0-E10A0BE43D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.4:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"251CAE22-C3E6-45AD-8301-F36BEE5C6860\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.4:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"85D94BCA-FA32-4C10-95CD-5D2A69B38A7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:12.4:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C950F97-40B4-43BF-BB81-C49CE00A468B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A87EFA20-DD6B-41C5-98FD-A29F67D2E732\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.2:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2888B0C1-4D85-42EC-9696-03FAD0A9C28F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.2:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3306F11-D3C0-41D6-BB5E-2ABDC3927715\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.2:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E584FE1-3A34-492B-B10F-508DA7CBA768\"}]}]}],\"references\":[{\"url\":\"https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231124-0004/\",\"source\":\"secteam@freebsd.org\"},{\"url\":\"https://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231124-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…